Author: ae
Date: Fri Nov 16 14:21:57 2018
New Revision: 340477
URL: https://svnweb.freebsd.org/changeset/base/340477
Log:
Allow configuration of several ipsec interfaces with the same tunnel
endpoints.
This can be used to configure several IPsec tunnels between two hosts
with different security associations.
Obtained from: Yandex LLC
MFC after: 2 weeks
Sponsored by: Yandex LLC
Modified:
head/sys/net/if_ipsec.c
Modified: head/sys/net/if_ipsec.c
==============================================================================
--- head/sys/net/if_ipsec.c Fri Nov 16 11:17:18 2018 (r340476)
+++ head/sys/net/if_ipsec.c Fri Nov 16 14:21:57 2018 (r340477)
@@ -968,7 +968,7 @@ static int
ipsec_set_addresses(struct ifnet *ifp, struct sockaddr *src,
struct sockaddr *dst)
{
- struct ipsec_softc *sc, *tsc;
+ struct ipsec_softc *sc;
struct secasindex *saidx;
sx_assert(&ipsec_ioctl_sx, SA_XLOCKED);
@@ -982,18 +982,6 @@ ipsec_set_addresses(struct ifnet *ifp, struct sockaddr
key_sockaddrcmp(&saidx->dst.sa, dst, 0) == 0)
return (0); /* Nothing has been changed. */
- }
- /* Check that given addresses aren't already configured */
- CK_LIST_FOREACH(tsc, ipsec_srchash(src), srchash) {
- if (tsc == sc)
- continue;
- MPASS(tsc->family == src->sa_family);
- saidx = ipsec_getsaidx(tsc, IPSEC_DIR_OUTBOUND, tsc->family);
- if (key_sockaddrcmp(&saidx->src.sa, src, 0) == 0 &&
- key_sockaddrcmp(&saidx->dst.sa, dst, 0) == 0) {
- /* We already have tunnel with such addresses */
- return (EADDRNOTAVAIL);
- }
}
/* If reqid is not set, generate new one. */
if (ipsec_init_reqid(sc) != 0)
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
